@pmbuko pmbuko released this Oct 12, 2015 · 53 commits to master since this release


  • Local account checking now works properly.
  • The command that adds ADPassMon to the TCC.db (which grants permission for applications that control UI elements) now works with OS 10.11.


While starting, ADPassMon now checks whether the current user account is local. If it is local, by default it will halt all further processes, but will otherwise stay loaded (using minimal resources). This is by design since some environments launch ADPassMon via a KeepAlive LaunchAgent which would just keep launching it if it were to quit.

You may wish to override this default behavior for a local account -- for example, if you have a local account on a bound computer with the same name as your AD account and you want to see your password expiration info. To do this, set the runIfLocal property to true to tell ADPassMon to run normally:

defaults write org.pmbuko.ADPassMon runIfLocal -bool true